+libpve-access-control (8.1.4) bookworm; urgency=medium
+
+ * fix #5335: sort ACL entries in user.cfg to make it easier to track changes
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 22 Apr 2024 13:45:22 +0200
+
+libpve-access-control (8.1.3) bookworm; urgency=medium
+
+ * user: password change: require confirmation-password parameter so that
+ anybody gaining local or physical access to a device where a user is
+ logged in on a Proxmox VE web-interface cannot give them more permanent
+ access or deny the actual user accessing their account by changing the
+ password. Note that such an attack scenario means that the attacker
+ already has high privileges and can already control the resource
+ completely through another attack.
+ Such initial attacks (like stealing an unlocked device) are almost always
+ are outside of the control of our projects. Still, hardening the API a bit
+ by requiring a confirmation of the original password is to cheap to
+ implement to not do so.
+
+ * jobs: realm sync: fix scheduled LDAP syncs not applying all attributes,
+ like comments, correctly
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 22 Mar 2024 14:14:36 +0100
+
+libpve-access-control (8.1.2) bookworm; urgency=medium
+
+ * add Sys.AccessNetwork privilege
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 28 Feb 2024 15:42:12 +0100
+
+libpve-access-control (8.1.1) bookworm; urgency=medium
+
+ * LDAP sync: fix-up assembling valid attribute set
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 08 Feb 2024 19:03:26 +0100
+
+libpve-access-control (8.1.0) bookworm; urgency=medium
+
+ * api: user: limit the legacy user-keys option to the depreacated values
+ that could be set in the first limited TFA system, like e.g., 'x!yubico'
+ or base32 encoded secrets.
+
+ * oidc: enforce generic URI regex for the ACR value to align with OIDC
+ specifications and with Proxmox Backup Server, which was recently changed
+ to actually be less strict.
+
+ * LDAP sync: improve validation of synced attributes, closely limit the
+ mapped attributes names and their values to avoid glitches through odd
+ LDIF entries.
+
+ * api: user: limit maximum length for first & last name to 1024 characters,
+ email to 254 characters (the maximum actually useable in practice) and
+ comment properties to 2048 characters. This avoid that a few single users
+ bloat the user.cfg to much by mistake, reducing the total amount of users
+ and ACLs that can be set up. Note that only users with User.Modify and
+ realm syncs (setup by admins) can change these in the first place, so this
+ is mostly to avoid mishaps and just to be sure.
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 08 Feb 2024 17:50:59 +0100
+
+libpve-access-control (8.0.7) bookworm; urgency=medium
+
+ * fix #1148: allow up to three levels of pool nesting
+
+ * pools: record parent/subpool information
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 20 Nov 2023 12:24:13 +0100
+
+libpve-access-control (8.0.6) bookworm; urgency=medium
+
+ * perms: fix wrong /pools entry in default set of ACL paths
+
+ * acl: add missing SDN ACL paths to allowed list
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 17 Nov 2023 08:27:11 +0100
+
+libpve-access-control (8.0.5) bookworm; urgency=medium
+
+ * fix an issue where setting ldap passwords would refuse to work unless
+ at least one additional property was changed as well
+
+ * add 'check-connection' parameter to create and update endpoints for ldap
+ based realms
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 11 Aug 2023 13:35:23 +0200
+
+libpve-access-control (8.0.4) bookworm; urgency=medium
+
+ * Lookup of second factors is no longer tied to the 'keys' field in the
+ user.cfg. This fixes an issue where certain LDAP/AD sync job settings
+ could disable user-configured 2nd factors.
+
+ * Existing-but-disabled TFA factors can no longer circumvent realm-mandated
+ TFA.
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 20 Jul 2023 10:59:21 +0200
+
+libpve-access-control (8.0.3) bookworm; urgency=medium
+
+ * pveum: list tfa: recovery keys have no descriptions
+
+ * pveum: list tfa: sort by user ID
+
+ * drop assert_new_tfa_config_available for Proxmox VE 8, as the new format
+ is understood since pve-manager 7.0-15, and users must upgrade to Proxmox
+ VE 7.4 before upgrading to Proxmox VE 8 in addition to that.
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 21 Jun 2023 19:45:29 +0200
+
+libpve-access-control (8.0.2) bookworm; urgency=medium
+
+ * api: users: sort groups to avoid "flapping" text
+
+ * api: tfa: don't block tokens from viewing and list TFA entries, both are
+ safe to do for anybody with enough permissions to view a user.
+
+ * api: tfa: add missing links for child-routes
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 21 Jun 2023 18:13:54 +0200
+
+libpve-access-control (8.0.1) bookworm; urgency=medium
+
+ * tfa: cope with native versions in cluster version check
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 09 Jun 2023 16:12:01 +0200
+
+libpve-access-control (8.0.0) bookworm; urgency=medium
+
+ * api: roles: forbid creating new roles starting with "PVE" namespace
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 09 Jun 2023 10:14:28 +0200
+
+libpve-access-control (8.0.0~3) bookworm; urgency=medium
+
+ * rpcenv: api permission heuristic: query Sys.Modify for root ACL-path
+
+ * access control: add /sdn/zones/<zone>/<vnet>/<vlan> ACL object path
+
+ * add helper for checking bridge access
+
+ * add new SDN.Use privilege in PVESDNUser role, allowing one to specify
+ which user are allowed to use a bridge (or vnet, if SDN is installed)
+
+ * add privileges and paths for cluster resource mapping
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 07 Jun 2023 19:06:54 +0200
+
+libpve-access-control (8.0.0~2) bookworm; urgency=medium
+
+ * api: user index: only include existing tfa lock flags
+
+ * add realm-sync plugin for jobs and CRUD api for realm-sync-jobs
+
+ * roles: only include Permissions.Modify in Administrator built-in role.
+ As, depending on the ACL object path, this privilege might allow one to
+ change their own permissions, which was making the distinction between
+ Admin and PVEAdmin irrelevant.
+
+ * acls: restrict less-privileged ACL modifications. Through allocate
+ permissions in pools, storages and virtual guests one can do some ACL
+ modifications without having the Permissions.Modify privilege, lock those
+ better down to ensure that one can only hand out only the subset of their
+ own privileges, never more. Note that this is mostly future proofing, as
+ the ACL object paths one could give out more permissions where already
+ limiting the scope.
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 07 Jun 2023 11:34:30 +0200
+
+libpve-access-control (8.0.0~1) bookworm; urgency=medium
+
+ * bump pve-rs dependency to 0.8.3
+
+ * drop old verify_tfa api call (POST /access/tfa)
+
+ * drop support for old login API:
+ - 'new-format' is now considured to be 1 and ignored by the API
+
+ * pam auth: set PAM_RHOST to allow pam configs to log/restrict/... by remote
+ address
+
+ * cli: add 'pveum tfa list'
+
+ * cli: add 'pveum tfa unlock'
+
+ * enable lockout of TFA:
+ - too many TOTP attempts will lock out of TOTP
+ - using a recovery key will unlock TOTP
+ - too many TFA attempts will lock a user's TFA auth for an hour
+
+ * api: add /access/users/<userid>/unlock-tfa to unlock a user's TFA
+ authentication if it was locked by too many wrong 2nd factor login attempts
+
+ * api: /access/tfa and /access/users now include the tfa lockout status
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 05 Jun 2023 14:52:29 +0200
+
+libpve-access-control (7.99.0) bookworm; urgency=medium
+
+ * initial re-build for Proxmox VE 8.x series
+
+ * switch to native versioning
+
+ -- Proxmox Support Team <support@proxmox.com> Sun, 21 May 2023 10:34:19 +0200
+
+libpve-access-control (7.4-3) bullseye; urgency=medium
+
+ * use new 2nd factor verification from pve-rs
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 13:31:28 +0200
+
+libpve-access-control (7.4-2) bullseye; urgency=medium
+
+ * fix #4609: fix regression where a valid DN in the ldap/ad realm config
+ wasn't accepted anymore
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 23 Mar 2023 15:44:21 +0100
+
+libpve-access-control (7.4-1) bullseye; urgency=medium
+
+ * realm sync: refactor scope/remove-vanished into a standard option
+
+ * ldap: Allow quoted values for DN attribute values
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 20 Mar 2023 17:16:11 +0100
+
+libpve-access-control (7.3-2) bullseye; urgency=medium
+
+ * fix #4518: dramatically improve ACL computation performance
+
+ * userid format: clarify that this is the full name@realm in description
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 06 Mar 2023 11:40:11 +0100
+
+libpve-access-control (7.3-1) bullseye; urgency=medium
+
+ * realm: sync: allow explicit 'none' for 'remove-vanished' option
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
+
+libpve-access-control (7.2-5) bullseye; urgency=medium
+
+ * api: realm sync: avoid separate log line for "remove-vanished" opt
+
+ * auth ldap/ad: compare group member dn case-insensitively
+
+ * two factor auth: only lock tfa config for recovery keys
+
+ * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
+ migrations and storage migrations
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
+
libpve-access-control (7.2-4) bullseye; urgency=medium
* fix #4074: increase API OpenID code size limit to 2048